Three accused of massive Twitter hacking, Bitcoin scam


A Briton, a Florida man and a Florida teenager hacked the Twitter accounts of prominent politicians, celebrities and tech moguls to scam people around the world with more than $ 100,000 in Bitcoin, authorities said on Friday.

Graham Ivan Clark, 17, was arrested in Tampa on Friday, where the Hillsborough state attorney’s office will prosecute him as an adult. He faces 30 felony charges, according to a press release. Mason Sheppard, 19, of Bognor Regis, UK, and Nima Fazeli, 22, of Orlando, have been charged in federal court in California.

In one of the most high-profile security breaches of recent years, hackers on July 15 sent fake tweets from the accounts of Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires, including Amazon CEO Jeff Bezos, co-founder of Microsoft. Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, have also been hacked.

The tweets proposed to send $ 2,000 for every $ 1,000 sent to an anonymous Bitcoin address.

“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be carried out anonymously and without consequence,” said U.S. District Attorney David L. Anderson of the Northern District of California in A press release. “Today’s charge announcement demonstrates that the excitement of malicious hacking in a secure environment for fun or profit will be short-lived.”

Although the case against the teenager was also investigated by the FBI and the US Department of Justice, Hillsborough State Attorney Andrew Warren explained that his office was suing Clark in front of a Florida state court because Florida law allows minors to be charged as adults in financial fraud cases such as this, if any.

“This defendant lives here in Tampa, he committed the crime here, and he will be prosecuted here,” Warren said.

Twitter previously said hackers used the phone to trick employees of the social media company into giving them access. He said the hackers had targeted “a small number of employees with a phone phishing attack.”

“This attack was based on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” the company tweeted.

After stealing employee credentials and breaking into Twitter’s systems, the hackers were able to target other employees who had access to account support tools, the company said.

The hackers targeted 130 accounts. They managed to tweet from 45 accounts, access direct message inboxes of 36, and download Twitter data from seven. Dutch anti-Islam lawmaker Geert Wilders said his inbox was among the people consulted.

Spear phishing is a more targeted version of phishing, an identity theft scam that uses email or other electronic communications to trick recipients into transmitting sensitive information.

Twitter said it would provide a more detailed report later “in view of the ongoing law enforcement investigation.”

The company previously said the incident was a “coordinated social engineering attack” that targeted some of its employees with access to internal systems and tools. He did not provide more information on how the attack was carried out, but details released so far suggest that the hackers started out by using the old-fashioned way to find their way to- beyond security.

UK cybersecurity analyst Graham Cluley said he assumed that a targeted Twitter employee or contractor received a message over the phone asking him to call a number.

“When the worker called the number, he may have been led to a convincing (but bogus) helpdesk operator, who was then able to use social engineering techniques to trick the intended victim into handing over to him. his credentials, ”Clulely wrote on her blog Friday.

It’s also possible that the hackers pretended to call from the company’s legitimate hotline by spoofing the number, he said.

Associate Press Editor Kelvin Chan in London contributed to this report.


Please enter your comment!
Please enter your name here